diff --git a/OCI/running-instance-ignition.json b/OCI/running-instance-ignition.json index f46d775..fe853de 100644 --- a/OCI/running-instance-ignition.json +++ b/OCI/running-instance-ignition.json @@ -1 +1,93 @@ -{"ignition":{"config":{},"security":{"tls":{}},"timeouts":{},"version":"2.3.0"},"networkd":{},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-rsa REPLACE_YOUR_KEY_HERE"]}]},"storage":{"files":[{"filesystem":"root","path":"/etc/ssh/sshd_config","contents":{"source":"data:,%23%20Use%20most%20defaults%20for%20sshd%20configuration.%0ASubsystem%20sftp%20internal-sftp%0AClientAliveInterval%20180%0AUseDNS%20no%0AUsePAM%20yes%0APrintLastLog%20no%20%23%20handled%20by%20PAM%0APrintMotd%20no%20%23%20handled%20by%20PAM%0A%23%20Flatcar%20Infra%20updates%0APasswordAuthentication%20no%0AChallengeResponseAuthentication%20no%0APermitRootLogin%20no%0AAuthenticationMethods%20publickey%0A","verification":{}},"mode":420},{"filesystem":"root","path":"/etc/hostname","contents":{"source":"data:,flatcar-arm64%0A","verification":{}},"mode":430},{"filesystem":"root","path":"/etc/flatcar/update.conf","contents":{"source":"data:,REBOOT_STRATEGY%3Dreboot%0ALOCKSMITHD_REBOOT_WINDOW_START%3D%22Sat%2023%3A00%22%0ALOCKSMITHD_REBOOT_WINDOW_LENGTH%3D1h%0A","verification":{}},"mode":420},{"filesystem":"root","path":"/etc/systemd/system/docker.service.d/10-noiptables.conf","contents":{"source":"data:,%5BService%5D%0AEnvironment%3DDOCKER_OPTS%3D--iptables%3Dfalse%0A","verification":{}},"mode":420},{"filesystem":"root","path":"/var/lib/iptables/rules-save","contents":{"source":"data:,*nat%0A%3APOSTROUTING%20ACCEPT%20%5B0%3A%5D%0A-A%20POSTROUTING%20!%20-o%20docker0%20-s%20172.17.0.0%2F16%20-j%20MASQUERADE%0ACOMMIT%0A%0A*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20ACCEPT%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--match%20multiport%20--dport%206000%3A9999%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20--icmp-type%203%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20--icmp-type%2011%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0ACOMMIT%0A","verification":{}},"mode":420},{"filesystem":"root","path":"/var/lib/ip6tables/rules-save","contents":{"source":"data:,*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20DROP%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmpv6%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--match%20multiport%20--dport%206000%3A9999%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0ACOMMIT%0A","verification":{}},"mode":420}]},"systemd":{"units":[{"enable":true,"enabled":true,"name":"iptables-restore.service"},{"enable":true,"enabled":true,"name":"ip6tables-restore.service"}]}} +{ + "ignition": { + "config": {}, + "security": { + "tls": {} + }, + "timeouts": {}, + "version": "2.3.0" + }, + "networkd": {}, + "passwd": { + "users": [ + { + "name": "core", + "sshAuthorizedKeys": [ + "ssh-rsa REPLACE_YOUR_KEY_HERE" + ] + } + ] + }, + "storage": { + "files": [ + { + "filesystem": "root", + "path": "/etc/ssh/sshd_config", + "contents": { + "source": "data:,%23%20Use%20most%20defaults%20for%20sshd%20configuration.%0ASubsystem%20sftp%20internal-sftp%0AClientAliveInterval%20180%0AUseDNS%20no%0AUsePAM%20yes%0APrintLastLog%20no%20%23%20handled%20by%20PAM%0APrintMotd%20no%20%23%20handled%20by%20PAM%0A%23%20Flatcar%20Infra%20updates%0APasswordAuthentication%20no%0AChallengeResponseAuthentication%20no%0APermitRootLogin%20no%0AAuthenticationMethods%20publickey%0A", + "verification": {} + }, + "mode": 420 + }, + { + "filesystem": "root", + "path": "/etc/hostname", + "contents": { + "source": "data:,flatcar-arm64%0A", + "verification": {} + }, + "mode": 430 + }, + { + "filesystem": "root", + "path": "/etc/flatcar/update.conf", + "contents": { + "source": "data:,REBOOT_STRATEGY%3Dreboot%0ALOCKSMITHD_REBOOT_WINDOW_START%3D%22Sat%2023%3A00%22%0ALOCKSMITHD_REBOOT_WINDOW_LENGTH%3D1h%0A", + "verification": {} + }, + "mode": 420 + }, + { + "filesystem": "root", + "path": "/etc/systemd/system/docker.service.d/10-noiptables.conf", + "contents": { + "source": "data:,%5BService%5D%0AEnvironment%3DDOCKER_OPTS%3D--iptables%3Dfalse%0A", + "verification": {} + }, + "mode": 420 + }, + { + "filesystem": "root", + "path": "/var/lib/iptables/rules-save", + "contents": { + "source": "data:,*nat%0A%3APOSTROUTING%20ACCEPT%20%5B0%3A%5D%0A-A%20POSTROUTING%20!%20-o%20docker0%20-s%20172.17.0.0%2F16%20-j%20MASQUERADE%0ACOMMIT%0A%0A*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20ACCEPT%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--match%20multiport%20--dport%206000%3A9999%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20--icmp-type%203%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmp%20--icmp-type%2011%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0ACOMMIT%0A", + "verification": {} + }, + "mode": 420 + }, + { + "filesystem": "root", + "path": "/var/lib/ip6tables/rules-save", + "contents": { + "source": "data:,*filter%0A%3AINPUT%20DROP%20%5B0%3A0%5D%0A%3AFORWARD%20DROP%20%5B0%3A0%5D%0A%3AOUTPUT%20ACCEPT%20%5B0%3A0%5D%0A-A%20INPUT%20-i%20lo%20-j%20ACCEPT%0A-A%20INPUT%20-p%20icmpv6%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--dport%2022%20-j%20ACCEPT%0A-A%20INPUT%20-p%20tcp%20--match%20multiport%20--dport%206000%3A9999%20-j%20ACCEPT%0A-A%20INPUT%20-m%20conntrack%20--ctstate%20RELATED%2CESTABLISHED%20-j%20ACCEPT%0ACOMMIT%0A", + "verification": {} + }, + "mode": 420 + } + ] + }, + "systemd": { + "units": [ + { + "enable": true, + "enabled": true, + "name": "iptables-restore.service" + }, + { + "enable": true, + "enabled": true, + "name": "ip6tables-restore.service" + } + ] + } +}